<?php
	session_start();
	include 'connect.php';
	$strSQL = "SELECT * FROM member WHERE logname = '".mysql_real_escape_string($_POST['logname'])."' 
	and password = '".mysql_real_escape_string($_POST['password'])."'";
	$objQuery = mysql_query($strSQL);
	$objResult = mysql_fetch_array($objQuery);
	if(!$objResult)
	{
			echo "Username and Password Incorrect!";
	}
	else
	{
			$_SESSION["logname"] = $objResult["logname"];
			$_SESSION["MemID"] = $objResult["MemID"];

			session_write_close();
			
			if($objResult["password"] == " ")
			{
				header("location:index.php");
			}
			else
			{
				header("location:index_login.php");
			}
	}
	mysql_close();
?>